Data Privacy Day sucks elephants through a straw, and here's why...

Apparently it's Data Privacy Day tomorrow (January 28th) which, if you will allow me to quote the Stay Safe Online website blurb, is an "international effort to empower and educate people to protect their privacy and control their digital footprint". Given the Edward Snowden NSA spying revelations that broke during the course of last year, and the fallout from the recent Adobe and Target breaches which is ongoing, I don't happen to follow the flock and agree that Data Privacy Day is a timely and important event. More quotes from Stay Safe Online simply fuel my anger on the subject: "Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the January 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is now a celebration for everyone, observed annually on January 28."

Celebration? Seriously, a celebration of what? A celebration of abject failure? A celebration of how the vast majority not only don't possess the slightest idea of how to truly protect their data but nor could they, if I may be frank, give a damn. Actually, it's not anger that this kind of rubbish fuels but rather despair. Despair that such days of celebration or awareness, whichever way you paint it, end up revealing a drab and depressing portrait of a technology culture that doesn't care. Let's take the PR surrounding the event, for example. I'm a fairly well known technology journalist in the UK where I am based, having been contributing editor of the best-selling monthly IT magazine (PC Pro) for two decades as well as presenting TV and radio shows about technology, writing numerous books on the subject and writing for national (and international) newspapers and specialist journals alike. Yet has my inbox been inundated with details of Data Privacy Day celebration or awareness campaigns? Erm, no, it has not. I've counted a total of three messages relating to the 28th January event, all of them from IT security vendors looking to gain some potential column inches off the back of any coverage. Sorry folks, that's obviously not going to happen as there are no column inches. Unless you count these, of course, and you probably wouldn't want to be associated with such a negative rant.

The truth of the matter is that the aim of empowering and educating people to better protect their privacy and regain control of their digital footprint is, it almost goes without saying, obviously a good one; but it has failed, and failed miserably. The Online Trust Alliance apparently reckon that 2013 was the worst year ever for reported breaches, with more than 740 million data records being exposed; and that's just the reported cases of course. The true figure will be much, much higher I can assure you. Yes, you can take these kinds of stats with a pinch of salt and they can always be countered with arguments of there being more people online than ever before, more regulatory requirements globally to report data breaches than ever before, and the list goes on. However, the fact remains that with four of the biggest data breaches of all time happening last year it is clear the message of Data Privacy Day isn't getting heard. At least not where it counts and that's in the corporate boardrooms and IT departments of enterprises the world over. There will be no celebrations at Adobe or Target, of that you can be sure, and nor should there be.

Yes, something needs to be done but this is not it. What is needed is not an international 'Hallmark Day' for want of a better phrase, with some superficial nod to the problems of privacy in our increasingly inter-connected world. What is needed is 365 Data Privacy Days, one for every day of the year, where the message is relentlessly pounded home and the consequences of ignoring it made explicitly and trouser-browningly clear.

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

Great rant. I too am a geek and I feel the same, but I am trying to do my part by offering a simple-to-use, free alternative to email (ThreadThat.com). Something people can use to communicate securely without divulging anything that can be tracked back to them. This is a server-side encryption solution because that is what's required to make it useable by the general public (which is the target audience). I've been refining this app since 2009 and yesterday's release is the best one yet. Now, if I could just get someone in-the-know to recognize its value and make a serious mention of it in a blog or news article.

Happy,
Idly reading articles about security, hacking, password use, hash thefts, covert surveillance, leaks.... and trying to put it all together with the public's rush to divulge all on Facebook, to be part of anything on Twitter, to be a friend of anyone and everyone, to like strangers and unknown companies while not knowing what that means.... and so I gotta say.... the public just does not care. Sure, sections of the press kick it over, try to make it sound important, try to tell people that they can be hurt by being uncaring, but it just does not work. People get murdered too, but I won't be....
When banks, card companies have to put in software to detect and refuse new PIN entries such as 1234, or 1111, or 2468, what does that tell you? When the most common password is umm... password, closely followed by 12345, and third being 123456 for the more energetic or concerned... doesn't that say that people aren't all that bothered? A dictionary attack with words of 6 or fewer letters pulls in up to 40% of passwords.
People send intimate pictures to others they barely know, and perhaps feel violated when they are posted. They don't care what THEY themselves put out there, but oh boy, they see the web as being personal when they are attacked, even being driven to suicide by vitriol which pretty much they do not have to read. Bit of a drug, really, the web and computers, smartphones. Flame wars in site message boards. Common. It's road rage all over again, but with the added cachet that this time you won't get a spanner in your face. Email being open.... saved on servers... that's going to cost Samsung millions, even billions... so if a savvy company like that is not security conscious, then what chance the little bloke in the street? News Limited's internal emails about phone hacking. Well, they deserved to get caught like that, that's poetry at work.
World "days". Huh. Think of just anything, and it has a "day" associated with it... there are sites devoted to the sillier ones. What chance has World Privacy Day got of being noticed in the press when it's up against World Naked Bike Ride Day?
No, the web is special, it seems to inculcate a trust into people. They send tens of thousands of dollars to strangers in other countries on the strength of a few emails, they meet with strangers and perhaps die for it.
Security? It's just not wanted. Belief... that's the one.